We came across this news and this tweet which spoke about how money lending apps (loan apps) on Google Play Store abuse and threaten the user, demanding exorbitant amounts of money. These money lending apps collect money with high interest rates and then threaten the user if there is any delay in repaying the dues and in some cases, even after clearing the dues the loan agent demands more money. If the user does not repay the demanded money, abusive messages/images of the user will be sent to all the contacts in the user’s device. There are many reports of users taking their own life as they were unable to withstand the harassment. And the more saddening part is that some of these apps are still available in Google Play Store.
Some of the loan apps in Google Play Store are shown in Figure 1.
Some user reviews in Google Play Store are shown in Figure 2.
In this blog, we will be analysing the com.lvcash.lvcashcomshoz app in Google Play Store.
This loan app is named “Cash Advance” in Google Play Store.
When the user installs this app as shown in Figure 3, the app requests for a list of permissions as shown in Figure 4. Why does a loan app request these permissions? Whenever any app is installed, users should be alert as to what permissions are sought by the app and decide which permissions are actually necessary for the app to function properly.
This app accesses the camera on the user’s device as shown in Figure 5 and captures images and records videos of the user as shown in Figure 6, which can later be used to threaten them.
The app collects the contact lists from the user’s device as shown in Figure 7. Later, the loan agent threatens the user by sending abusive messages/images to this collected contact list.
The app also collects a list of installed packages from the user’s device as shown in Figure 8.
The app collects the location, SMS details and device information from the user’s device as shown in Figure 9 and Figure 10.
- Carefully read the user review’s before downloading any app
- Be aware of what information the app collects from the user’s device
- Protect your device and data with a reputed security product like K7 Mobile Security and keep it up to date to protect yourself of the threats lurking around
We at K7 Labs detect such kinds of threats and are constantly working to protect our users.
Indicators of Compromise (IoCs)
|Spyware ( 005923441 )
|Trojan ( 0001140e1 )
|Spyware ( 005926b41 )
|Trojan ( 005926b31 )
|Trojan ( 0001140e1 )